Vim, gVim: Remote execution of arbitrary code
— GLSA 201706-26

Multiple vulnerabilities have been found in Vim and gVim, the worst
of which might allow remote attackers to execute arbitrary code.

Affected Packages

Package

app-editors/vim on all architectures

Affected versions

< 8.0.0386

Unaffected versions

>= 8.0.0386

Package

app-editors/gvim on all architectures

Affected versions

< 8.0.0386

Unaffected versions

>= 8.0.0386

Background

Vim is an efficient, highly configurable improved version of the classic
‘vi’ text editor. gVim is the GUI version of Vim.

Description

Multiple vulnerabilities have been discovered in Vim and gVim. Please
review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted spell
file using Vim or gVim, possibly resulting in execution of arbitrary code
with the privileges of the process or a Denial of Service condition.